{"id":39689,"date":"2021-02-23T00:50:23","date_gmt":"2021-02-23T00:50:23","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/"},"modified":"2021-02-23T00:50:23","modified_gmt":"2021-02-23T00:50:23","slug":"the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/","title":{"rendered":"The perils of non-disclosure? China &#8216;cloned and used&#8217; NSA zero-day exploit for years before it was made public"},"content":{"rendered":"<p>A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed.<\/p>\n<p>Check Point put out a <a target=\"_blank\" href=\"https:\/\/blog.checkpoint.com\/2021\/02\/22\/jian-the-chinese-double-edged-cyber-sword\/\" rel=\"noopener noreferrer\">report<\/a> on Monday digging into Chinese malware it calls Jian, and argues persuasively this particular software nasty was spawned sometime around 2014 from NSA exploit code that eventually <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2017\/04\/14\/latest_shadow_brokers_data_dump\/\" rel=\"noopener noreferrer\">leaked<\/a> online in 2017.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",button,mpu,\" data-sm=\",button,mpu,\" data-md=\",button,banner_plus,mpu\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The timeline basically seems to be, according to Check Point:<\/p>\n<ul>\n<li><b>2013:<\/b> NSA&#8217;s Equation Group developed a set of exploits including one called EpMe that elevates one&#8217;s privileges on a vulnerable Windows system to system-administrator level, granting full control. This allows someone with a foothold on a machine to commandeer the whole box.<\/li>\n<li><b>2014-2015:<\/b> China&#8217;s hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe.<\/li>\n<li><b>Early 2017:<\/b> The Equation Group&#8217;s tools were teased and then leaked online by a team calling itself the Shadow Brokers. Around that time, Microsoft <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2017\/02\/14\/microsoft_patch_tuesday_delayed\/\" rel=\"noopener noreferrer\">cancelled<\/a> its February Patch Tuesday, identified the vulnerability exploited by EpMe (CVE-2017-0005), and <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2017\/03\/15\/microsoft_massive_patch_tuesday_bundle\/\" rel=\"noopener noreferrer\">fixed<\/a> it in a bumper March update. Interestingly enough, Lockheed Martin was credited as alerting Microsoft to the flaw, suggesting it was perhaps used against an American target.<\/li>\n<li><b>Mid 2017:<\/b> Microsoft quietly fixed the vulnerability exploited by the leaked EpMo exploit.<\/li>\n<\/ul>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",button,mpu_plusplus,\" data-sm=\",button,mpu_plusplus,\" data-md=\",button,mpu_plusplus,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>It could be that Beijing obtained a copy of Equation Group&#8217;s EpMe, or observed it being used and recreated it, and used it while the hole in Microsoft&#8217;s Windows remained unfixed. Or the Chinese could have found the same bug within the OS. Check Point reckons the code was lifted rather than a coincidence:<\/p>\n<p>The full sleuthing is outlined in an <a target=\"_blank\" href=\"https:\/\/research.checkpoint.com\/2021\/the-story-of-jian\/\" rel=\"noopener noreferrer\">extensive technical report<\/a>, and again raises the question over whether it is in the US intelligence community\u2019s best interests to share the details of any exploitable vulnerabilities they find \u2013 rather than try to keep them a secret and use them themselves \u2013 because, ultimately the tools will leak (or the bugs be discovered by others) and expose US businesses and institutions to hacking attempts.<\/p>\n<h3 class=\"crosshead\"> <span>More damage<\/span><br \/>\n<\/h3>\n<p>The Shadow Brokers were also responsible for leaking <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2017\/04\/14\/latest_shadow_brokers_data_dump\/\" rel=\"noopener noreferrer\">the Eternal series<\/a> of exploits that were later used to spread software nasties, such as the Wannacry ransomware and NotPetya malware.<\/p>\n<p>The Zirconium hacking crew, meanwhile, was accused of <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/09\/11\/microsoft_us_election_security_assessment\/\" rel=\"noopener noreferrer\">menacing<\/a> candidates in America&#8217;s 2020 elections. It also opens the possibility that the nightmare hack of US government departments and Fortune 500 companies <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/01\/19\/fireeye_solarwinds_code\/\" rel=\"noopener noreferrer\">through SolarWinds<\/a> networking software was the result of US-government developed exploits that had been directed back at the US.<\/p>\n<p>The security researchers note that society still has an illogical perspective on cybersecurity. \u201cWhat would you say if we told you that a foreign group managed to steal an American nuclear submarine? That would definitely be a bad thing, and would quickly reach every headline,\u201d they note. \u201cHowever, for cyber weapons \u2013 although their impact could be just as devastating \u2013 it\u2019s usually a different story.\u201d<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",button,dbutton,mpu_plus,dmpu,\" data-sm=\",button,dbutton,mpu_plus,dmpu,\" data-md=\",button,dbutton,mpu_plus,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>They go on: \u201cCyber weapons are digital and volatile by nature. Stealing them and transferring from one continent to another, can be as simple as sending an email. They are also very obscure, and their mere existence is a closely guarded secret. That is exactly why, as opposed to a nuclear submarine, stealing a cyber-weapon can easily go under the radar and become a fact known only to a selected few.\u201d \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/02\/23\/microsoft_chinese_nsa\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Check Point says Beijing &#8216;reconstructed&#8217; Equation Group&#8217;s hacking tool long before leak A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-39689","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The perils of non-disclosure? China &#039;cloned and used&#039; NSA zero-day exploit for years before it was made public 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The perils of non-disclosure? China &#039;cloned and used&#039; NSA zero-day exploit for years before it was made public 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-23T00:50:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"The perils of non-disclosure? China &#8216;cloned and used&#8217; NSA zero-day exploit for years before it was made public\",\"datePublished\":\"2021-02-23T00:50:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/\"},\"wordCount\":580,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/\",\"name\":\"The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-02-23T00:50:23+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The perils of non-disclosure? China &#8216;cloned and used&#8217; NSA zero-day exploit for years before it was made public\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/","og_locale":"en_US","og_type":"article","og_title":"The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-02-23T00:50:23+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"The perils of non-disclosure? China &#8216;cloned and used&#8217; NSA zero-day exploit for years before it was made public","datePublished":"2021-02-23T00:50:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/"},"wordCount":580,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/","url":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/","name":"The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-02-23T00:50:23+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YDShJODU@W1hp8DLx2j0vQAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/the-perils-of-non-disclosure-china-cloned-and-used-nsa-zero-day-exploit-for-years-before-it-was-made-public\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"The perils of non-disclosure? China &#8216;cloned and used&#8217; NSA zero-day exploit for years before it was made public"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39689"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39689\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}